Understanding the environment in which we operate is an important element for business decision-making. Trustwave, a company providing a set of resources including managed cybersecurity services and cloud services, ethical hackers, security experts and various technologies to protect businesses from various forms of threats, conducted the research with Osterman Research from August to September 2016 in order to gain a better understanding of the problems related to the recruitment of IT security talent in companies, the budget allocated to computer security and many other issues related to the management of computer security.
To achieve this, Osterman interviewed 147 IT security decision makers, influencers, and advisors in large and medium-sized companies in North America. After surveying the responses of all the respondents, 57% of the participants found that finding and recruiting computer security professionals is a real obstacle. The other obstacle is to have the right person, and another thing is to be able to retain it within the company. 35% of respondents felt it is hard to retain people with proven skills in specialized areas of security.
Moreover, of the 147 respondents, only 8% believe that three-quarters or more of their staff have the right skills to deal with complex problems. This scarcity of skills leads only one in nine of the respondents to say they can find the skills they need to meet their safety requirements, while a third of respondents say they have difficulty identifying safety skills and the skills they need. Similarly, almost half believe this problem will get worse.
In general, companies are better equipped and more oriented towards routine maintenance and updating. But when it comes to addressing emerging or evolving threats, 40% of respondents say they do not have the right skills to deal with these issues.
To solve this problem, respondents want to increase the expertise of their employees rather than seek to increase the number of employees. Moreover, although diplomas and certificates may be basic elements in meeting the requirements of these enterprises, respondents point out that the persons sought in this field are those who actually have the experience to resell.
However, as with all industries, use highly skilled people to provide cybersecurity at a cost. Ideally, IT security would have a budget that would allow them to invest where they need to be able to solve the problems that are most critical. Unfortunately, the majority of these people have little or no control over their budget.
Only slightly less than 30% of respondents feel they are fully supported by their company’s executives when it comes to investing in people with the right skills to deal with complex security issues. Even more alarming, at least 7 out of 10 IT security managers have a few or common disagreements with their management on budgeting and staffing issues. To get an idea of what is usually done in companies, the survey reveals that nearly three out of four IT departments devote no more than a quarter of their IT budget to security.